What is the CVSS score of CVE-2026-31222?

CVE-2026-31222 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Snorkel are affected by CVE-2026-31222?

Snorkel machine learning library versions 0.10.0 and earlier contain an arbitrary code execution vulnerability in model checkpoint loading that could allow attackers to execute malicious code when…

Snorkel CVE-2026-31222

EUVD-2026-29506 HIGH

Deserialization of Untrusted Data (CWE-502)

2026-05-12 mitre

GHSA-78cp-f66x-qmh5

RCE Python Deserialization Checkpoint

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 13, 2026 - 15:55 vuln.today

CVSS changed

May 13, 2026 - 15:52 NVD

8.8 (HIGH)

CVE Published

May 12, 2026 - 00:00 nvd

HIGH 8.8

CVE Published

May 12, 2026 - 00:00 nvd

UNKNOWN (no severity yet)

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

5 pypi packages depend on snorkel (4 direct, 1 indirect)

Ecosystem-wide dependent count for version 0.10.0.

DescriptionNVD

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the Trainer.load() method of the Trainer class. The method loads model checkpoint files using torch.load() without enabling the security-restrictive weights_only=True parameter. This default behavior allows the deserialization of arbitrary Python objects via the Pickle module. A remote attacker can exploit this by providing a maliciously crafted model file, leading to arbitrary code execution on the victim's system when the file is loaded via the vulnerable method.

AnalysisAI

Arbitrary code execution in Snorkel machine learning library (≤v0.10.0) occurs when users load malicious model checkpoint files through the Trainer.load() method. The vulnerability stems from unsafe PyTorch deserialization that processes untrusted Pickle objects without the weights_only security parameter. …

RemediationAI

Within 24 hours: Identify all Snorkel deployments and versions in use across data science and ML infrastructure; notify teams to avoid loading model checkpoints from untrusted sources. Within 7 days: Implement code review and file-hash verification processes for all model checkpoint imports; consider temporary sandboxing of Trainer.load() operations. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-31222 vulnerability details – vuln.today

Back

Snorkel CVE-2026-31222

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code